堆栈内存溢出
  简体   繁体   English

自定义 spring 启动安全未应用

[英]Custom spring boot security not applied

 原文  2020-05-09 17:17:57       java/ spring/ spring-boot/ spring-security

问题描述

I'm doing a MVC project with spring boot and spring security and jsp.我正在做一个带有 spring 引导和 spring 安全性和 jsp 的 MVC 项目。 I'm just training my spring and I have the same project running without spring boot.我只是在训练我的 spring 并且在没有 spring 引导的情况下运行相同的项目。 Currently I moved to springboot and when I start it, the custom security configuration is never applied.目前我搬到了springboot,当我启动它时,自定义安全配置永远不会应用。

I have no idea what is happening.我不知道发生了什么。

application.properties应用程序属性

# JDBC properties
#
spring.datasource.url=jdbc:mysql://localhost:3306/web_customer_tracker?useSSL=false&serverTimezone=UTC
spring.datasource.username=springstudent
spring.datasource.password=springstudent

# Spring Data JPA properties
spring.data.jpa.repository.packages=com.crm.dao
spring.data.jpa.entity.packages-to-scan=com.crm.beans

#
# SECURITY JDBC properties
#
security.datasource.jdbc-url=jdbc:mysql://localhost:3306/spring_security_demo_bcrypt?useSSL=false&serverTimezone=UTC
security.datasource.username=springstudent
security.datasource.password=springstudent
security.datasource.driver-class-name= com.mysql.jdbc.Driver

Configuration:配置:

 @Configuration
    @EnableWebSecurity
    public class DemoSecurityConfig extends WebSecurityConfigurerAdapter {

        // add a reference to our security data source

        @Autowired
        @Qualifier("securityDataSource")
        private DataSource securityDataSource;


        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {

            auth.jdbcAuthentication().dataSource(securityDataSource);

        }

        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/resources/**");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {

            System.out.println("aplicando configuracion");
            http.authorizeRequests()
            .antMatchers("/employees/showForm*").hasAnyRole("MANAGER", "ADMIN")
            .antMatchers("/employees/save*").hasAnyRole("MANAGER", "ADMIN")
            .antMatchers("/employees/delete").hasRole("ADMIN")
            .antMatchers("/employees/**").hasRole("EMPLOYEE")
            .antMatchers("/resources/**").permitAll()
            .antMatchers("/showMyLoginPage").permitAll()
            .and()
            .formLogin()
                .loginPage("/showMyLoginPage")
                .loginProcessingUrl("/authenticateTheUser")
                .permitAll()
            .and()
            .logout().permitAll()
            .and()
            .exceptionHandling().accessDeniedPage("/access-denied");

        }


    }

Configuration:配置:

 @Configuration
@EnableJpaRepositories(basePackages={"${spring.data.jpa.repository.packages}"})
public class DemoDataSourceConfig {

    @Primary
    @Bean
    @ConfigurationProperties(prefix="spring.datasource")
    public DataSource appDataSource() {
        return DataSourceBuilder.create().build();
    }

    @Bean
    @ConfigurationProperties(prefix="spring.data.jpa.entity")
    public LocalContainerEntityManagerFactoryBean entityManagerFactory(EntityManagerFactoryBuilder builder, DataSource appDataSource) {
        return builder
                .dataSource(appDataSource)
                .build();
    }

    @Bean
    @ConfigurationProperties(prefix="security.datasource")
    public DataSource securityDataSource() {
        return DataSourceBuilder.create().build();
    }
}

POM.xml POM.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.8.RELEASE</version>
        <relativePath /> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.crm</groupId>
    <artifactId>Crm-Pet-Clinic</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>Crm-Pet-Clinic</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
        <maven-jar-plugin.version>3.1.1</maven-jar-plugin.version>
    </properties>

    <dependencies>

            <!-- Add Spring Security Taglibs support -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
        </dependency>

        <!-- Servlet, JSP and JSTL support -->
        <dependency>
            <groupId>org.apache.tomcat.embed</groupId>
            <artifactId>tomcat-embed-jasper</artifactId>
            <scope>provided</scope>
        </dependency>

        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
        </dependency>


        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity5</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

1 个解决方案

解决方案1
 0  2020-05-10 05:09:54

There seem to be an issue with the application.properties file. application.properties文件似乎存在问题。 When you have multiple datasources defined, you need to use jdbc-url or jdbcUrl instead of url .当您定义了多个数据源时,您需要使用jdbc-urljdbcUrl而不是url Below is an example下面是一个例子

# JDBC properties
# Change the below line to jdbc-url instead of url
spring.datasource.jdbc-url=jdbc:mysql://localhost:3306/web_customer_tracker?useSSL=false&serverTimezone=UTC
# OR Change the below line to jdbcUrl instead of url
spring.datasource.jdbcUrl=jdbc:mysql://localhost:3306/web_customer_tracker?useSSL=false&serverTimezone=UTC
spring.datasource.username=springstudent
spring.datasource.password=springstudent

Instead of url you need to provide it as the jdbc-url or as jdbcUrl .您需要将其提供为jdbc-urljdbcUrl url By default, this is what Spring looks for when creating the DataSource bean.默认情况下,这是 Spring 在创建DataSource bean 时查找的内容。 Read here and here for more information on how the binding happens and how the aliases work under the hood for Spring.阅读此处此处以获取有关绑定如何发生以及别名如何在 Spring 的后台工作的更多信息。 These same tutorials also have information on how to deal with situations like this if you prefer not to go with the default spring configurations.如果您不喜欢使用默认 spring 配置的 go,这些相同的教程还包含有关如何处理此类情况的信息。

And as a side note, with spring boot.附带说明一下,使用 spring 引导。 You do not have to provide a driver-class .您不必提供driver-class That is determined automatically.这是自动确定的。

Spring Boot also provides a utility builder class, called DataSourceBuilder, that can be used to create one of the standard data sources (if it is on the classpath). Spring Boot 还提供了一个实用程序构建器 class,称为 DataSourceBuilder,可用于创建标准数据源之一(如果它位于类路径上)。 The builder can detect the one to use based on what's available on the classpath.构建器可以根据类路径上可用的内容来检测要使用的内容。 It also auto-detects the driver based on the JDBC URL.它还根据 JDBC URL 自动检测驱动程序。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring Boot Security 4自定义PasswordEncoder - Spring Boot Security 4 custom PasswordEncoder Spring boot 自定义身份验证过滤器未应用 - Spring boot Custom authentication filter is not applied 使用Spring Security和自定义数据库的Spring Boot - Spring boot with Spring Security and custom database Spring安全和自定义AuthenticationFilter与Spring启动 - Spring security and custom AuthenticationFilter with Spring boot Spring Boot + Spring Security 的自定义登录页面 - Custom Login Page for Spring Boot + Spring Security 带有自定义 AngularJS 登录页面的 Spring Boot 和安全性 - Spring Boot and Security with custom AngularJS Login page Spring Boot OAuth2带有自定义安全过滤器 - Spring Boot OAuth2 with custom security filter Spring Boot Security自定义登录表单 - spring boot security custom login form 使用自定义提供程序的Spring Boot安全性 - Spring boot security using custom provider Spring 具有自定义身份验证和 session 存储的引导安全性 - Spring Boot Security with custom auth & session storage
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM